Cyber criminals in 'gold rush' to exploit cryptocurrencies

A new report from risk management and threat intelligence company Digital Shadows shows that cyber criminals are looking to exploit the boom in interest and adoption of cryptocurrencies.

The study highlights the most common methods used by these criminal actors, which include crypto jacking, account takeovers, mining fraud and scams against initial coin offerings (ICOs).

"Cyber criminals follow the money and right now they see in the unregulated and largely unsecure world of digital currencies a huge opportunity to target people, businesses and exchanges and make money quickly and easily," says Rick Holland, VP strategy at Digital Shadows. "In many ways it's like the gold rush of the 1840s as people flood to the opportunity cryptocurrencies present and are preyed on by criminals and the unscrupulous."

Botnets are one of the main ways fraudulently minining cryptocurrency. First used to mine Bitcoin in 2014, the complexity of doing so made it financially unviable, however botnets are now making a comeback as newer currencies like Monero are easier to mine. As such Digital Shadows has seen botnets available to rent for as little as $40, one with almost 2,000 rentals so far.

A newer tool is the crypto-jacker where attackers secretly use mobile device or computers resources to mine cryptocurrencies. Since the middle of 2017, browsers, browser extensions, and mobile apps have all been used to spread Coinhive, a Javascript miner for Monero.

The study has also seen targeting of logins for currency exchange accounts in credential stuffing attacks -- where compromised IDs and passwords from elsewhere are tried against login portals. Digital Shadows has also seen the creation of fake ICOs in order to scam investors, in addition to the kind of 'pump and dump' scams used against traditional stocks to boost the value of a currency before cashing out.